If it’s not in Entra, it doesn’t exist—to your policies, dynamic groups, or audit logs. Missing user metadata like department, title, or usageLocation can silently break downstream automations and cause inconsistencies that are hard to debug.
This post walks through how to audit Entra ID user profiles using PowerShell and Microsoft Graph, flagging any accounts with incomplete or empty property fields.
Prerequisites
- PowerShell 7+
- Microsoft Graph PowerShell SDK
- Admin permissions to Microsoft Entra ID
Install-Module Microsoft.Graph -Scope CurrentUser
Connect-MgGraph -Scopes "User.Read.All", "Directory.Read.All"
Note: You only need read access for this operation, not User.Write.All.
Properties We're Auditing
We’ll be checking each user for the following missing or blank fields:
- department
- jobTitle
- usageLocation
- manager
- mobilePhone, officeLocation (both optional)
You can customize this based on your environment.
PowerShell Script
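# Properties to audit on every user object
$propertiesToCheck = @("Department", "JobTitle", "UsageLocation", "Manager", "MobilePhone", "OfficeLocation")
$results = @()

# manager is a relationship rather than a scalar field, so it is requested with
# -ExpandProperty; listing it under -Property alone does not populate it.
$users = Get-MgUser -All -Property "Id,DisplayName,UserPrincipalName,Department,JobTitle,UsageLocation,MobilePhone,OfficeLocation" -ExpandProperty Manager

foreach ($user in $users) {
    $missingProps = @()
    foreach ($prop in $propertiesToCheck) {
        # For Manager, test the expanded object's Id; for everything else, test the value itself
        $value = if ($prop -eq "Manager") { $user.Manager.Id } else { $user.$prop }
        if (-not $value) {
            $missingProps += $prop
        }
    }
    # Only report users that have at least one gap
    if ($missingProps.Count -gt 0) {
        $results += [PSCustomObject]@{
            DisplayName       = $user.DisplayName
            UserPrincipalName = $user.UserPrincipalName
            MissingProperties = ($missingProps -join ", ")
        }
    }
}
$results | Format-Table -AutoSize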
The Results
DisplayName                 UserPrincipalName Missing Properties
-----------                 ----------------- ------------------
Warren Worthington          [email protected] UsageLocation
Hank McCoy                  [email protected] UsageLocation
Piotr Nikolayevich Rasputin [email protected] UsageLocation
Scott Summers               [email protected] UsageLocation
Bobby Drake                 [email protected] UsageLocation
Jean Grey                   [email protected] UsageLocation
Kurt Wagner                 [email protected] OfficeLocation
Phil Boyce                  [email protected] Department, JobTitle, MobilePhone, OfficeLocation
Charles Xavier              [email protected] UsageLocation
James Howlett               [email protected] UsageLocation
Exporting to CSV (Optional)
$results | Export-Csv -Path "EntraUserAudit.csv" -NoTypeInformation
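The property list above marks mobilePhone and officeLocation as optional, but a single `-not` test reports every gap the same way and lets a whitespace-only value pass as filled. The following is an added example, not code from the original post, that goes a step further by separating required from optional gaps and treating whitespace as blank. The function names `Test-BlankProperty` and `Get-ProfileGap` and the sample users are constructed for illustration; it assumes real input would come from `Get-MgUser` with `-ExpandProperty Manager`.

```powershell
# Added example (not from the original post). Sample users below are constructed.
$required = 'Department', 'JobTitle', 'UsageLocation', 'Manager'
$optional = 'MobilePhone', 'OfficeLocation'   # optional per the post's property list

function Test-BlankProperty {
    param($User, [string]$Name)
    # Manager is a relationship: a populated manager carries an Id
    if ($Name -eq 'Manager') { return [string]::IsNullOrWhiteSpace($User.Manager.Id) }
    # $null, "" and whitespace-only strings all count as blank
    return [string]::IsNullOrWhiteSpace([string]($User.$Name))
}

function Get-ProfileGap {
    param([Parameter(ValueFromPipeline)] $User)
    process {
        $missReq = @($required | Where-Object { Test-BlankProperty $User $_ })
        $missOpt = @($optional | Where-Object { Test-BlankProperty $User $_ })
        if (($missReq.Count + $missOpt.Count) -eq 0) { return }   # complete profile
        [PSCustomObject]@{
            UserPrincipalName = $User.UserPrincipalName
            Severity          = if ($missReq.Count -gt 0) { 'Required' } else { 'Optional' }
            MissingRequired   = $missReq -join ', '
            MissingOptional   = $missOpt -join ', '
        }
    }
}

# Constructed stand-ins for: Get-MgUser -All -Property ... -ExpandProperty Manager
$mgr = [PSCustomObject]@{ Id = '00000000-0000-0000-0000-000000000001' }
$sample = @(
    [PSCustomObject]@{ UserPrincipalName = 'complete@example.com'; Department = 'IT'
        JobTitle = 'Engineer'; UsageLocation = 'US'; Manager = $mgr
        MobilePhone = '555-0100'; OfficeLocation = 'HQ' }
    [PSCustomObject]@{ UserPrincipalName = 'blank-dept@example.com'; Department = '   '
        JobTitle = 'Analyst'; UsageLocation = $null; Manager = [PSCustomObject]@{ Id = $null }
        MobilePhone = ''; OfficeLocation = 'HQ' }
    [PSCustomObject]@{ UserPrincipalName = 'no-office@example.com'; Department = 'HR'
        JobTitle = 'Recruiter'; UsageLocation = 'GB'; Manager = $mgr
        MobilePhone = '555-0101'; OfficeLocation = $null }
)

$gaps = $sample | Get-ProfileGap
$gaps | Sort-Object Severity -Descending | Format-Table -AutoSize
```

Sorting on Severity puts accounts with required gaps first, so the rows most likely to affect dynamic groups and licensing are reviewed before the optional ones.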
Why This Matters
- Broken dynamic group rules
- License assignment failures
- Inaccurate compliance or org charts
- Missed automation triggers
Directory drift happens quietly. This gives you visibility and control.
Ideas to Extend This
- Auto-tag users with profileStatus = incomplete
- Send Teams alerts or email summaries
- Schedule via Azure Automation or GitHub Actions
Thanks for reading. I stepped away to be a stay-at-home dad and am now plugging back in—one post, one project at a time. LogPhile is a learning log, a signal to employers, and proof of progress. Spot a mistake? Edge case I missed? Just want to connect? Don’t hesitate to reach out.